File name panels.zip
SHA-256 19f13d3c1434cd580d0544b2b1a427383d1816c55ca47922df02572962ffdf3c

ESET-NOD32-PHP/Loki.A
DrWeb-PHP.BackDoor.75

V.T. - https://www.virustotal.com/#/file/19f13d3c1434cd580d0544b2b1a427383d1816c55ca47922df02572962ffdf3c/detection 5 / 58
btw sent via website (https://www.avast.com/report-malicious-file.php?page=success)

Hi Be Secure,

It is often the case that avast and DrWeb (v.v.) are complementary in detection; where avast missed it, DrWeb has it:
-http://www.noinaupho.com.vn/files/panels.zip is in Dr.Web malicious sites list!

Checking: -http://www.noinaupho.com.vn/files/panels.zip
Engine version: 7.0.28.2020
Total virus-finding records: 6308614
File size: 2.27 MB
File MD5: 810cda762a85a60a838409c64bd20e60

-http://www.noinaupho.com.vn/files/panels.zip/panels/inc/style/jquery-2.1.1.min.js - archive JS-HTML

-http://www.noinaupho.com.vn/files/panels.zip/panels/inc/style/jquery-2.1.1.min.js/JSTag_1[13713][1202] - Ok
-http://www.noinaupho.com.vn/files/panels.zip/panels/inc/style/jquery-2.1.1.min.js - Ok
-http://www.noinaupho.com.vn/files/panels.zip/panels/install.php infected with PHP.BackDoor.75
-http://www.noinaupho.com.vn/files/panels.zip/panels/PvqDq929BSx_A_D_M1n_a.php infected with PHP.BackDoor.75

2 vulnerable jQuery libraries detected: http://retire.insecurity.today/#!/scan/c8a38e56fb8f759c4ba94da89895cf8bf7fca0f4490e0a6599274e2885eef4e6

No reverse DNS: -http://www.noinaupho.com.vn/wp-includes/
GoogleSafe: OK
Load: 588ms
Server: 112.78.2.57 nginx
ASN: 45538 Vietnam Online data services
Reverse DNS:

Website dangerous,
Misconfigurations → MySQL native password compromised port 3306 1?!,

Blacklisted by: AegisLab WebGuard - malicious site
BitDefender - malware site
G-Data - malware site
Malwarebytes hpHosts - malware site
Dr.Web - malicious site
Emsisoft - malware site
Sophos - malicious site
Yandex Safebrowsing - malware site
Fortinet - malware site
Google Safe Browsing Status Safe !?!

Check For Missing Name Servers: Failed. Some of the name servers are missing NS records
-ns-bak.matbao.com isn’t listed at -ns-bak.matbao.com
-ns-bak.matbao.com isn’t listed at -ns2.matbao.vn
-ns-bak.matbao.com isn’t listed at -ns1.matbao.vn

polonus (volunteer website security analyst and website error-hunter)